Without strong cybersecurity, backdoors will remain open

Ahead of an appearance in Killarney this week, John O’Mahony interviews Deloitte’s Rob Wainwright, a cybersecurity expert.

A leading authority on cybersecurity has warned that there are still too many mistakes being made by companies and individuals who are being targeted and exposed to scams operated by sophisticated criminals who can cause significant disruption to businesses.

Some of the fundamentals of even the basic security architecture are very often not put in place and criminals are finding it so easy to keep stealing data.

“Without strong or even adequate cybersecurity, backdoors will remain open for bad actors to access and do harm,” said Rob Wainwright, a partner at Deloitte who was formerly executive director of Europol, the EU’s law enforcement agency coordinating global operations against cyber, criminal and terrorist networks.

Wainwright said the threat landscape is becoming much more complex and it keeps increasing in scale with cybercriminal groups stealing data from the banking sector, health sector and many others, and selling it on for exploitation in fraud markets.

“Illegal acquisition and exploitation of data is really what fuels the cybercrime economy. At the top end is a much more sophisticated range of attacks directly targeted to try to take over accounts of bank systems and bank transfer payments systems, in addition to attacks on communications industries and the pharma sector to try to steal industrial secrets,” he stated.

The threat is a vulnerability everybody faces from living and working in an increasingly interconnected global digital system with businesses having long and complex supply chains. This increases the number of vulnerability points.

Security standards and awareness have improved and the investment required to fix the problems is being provided, particularly in areas such as the banking sector, but in other areas there is still a great deal to do, Wainwright insisted.

“Technology users are increasingly exposed to threats, sometimes even when they are not the intended target. There have been incidents in the last couple of years where global industries have almost had their networks completely wiped by picking up a virus and being at the wrong place at the wrong time.”

Currently serving as a board member with the World Economic Forum Centre for Cybersecurity, and the Global Cyber Alliance, Wainwright said an issue of concern is the emergence of a professional cybercriminal economy with some really smart people working together in a syndicated operation to share their capabilities and to develop clever new ways of attacking targets.

“They are exploiting new technologies all the time and they are very quick to do that. You see them taking advantage of cryptocurrencies and internet devices with new means to try and get to organisations and their information,” he said.

Some of the most popular technology products on the market have good in-built security systems; however, the problem is not the in-built hardware or the software but how users operate them.

“There’s a real danger of being compromised with a smartphone by clicking on the wrong link or not having a strong enough password and not changing it enough. More often than not it’s about user awareness and user activity,” the cybersecurity expect said.

He said many people are still being duped and compromised by simple phishing exercises – such as emails asking to reconfirm banking credentials – and the standard of such scams is increasing so greater care is required.

“Yes, some of them are still easily identified by things like basic spelling mistakes but there are others that are more sophisticated. Scattergun phishing emails are being sent to very high numbers of people in the hope that they can get a 1 or 2pc hit rate.

“Then you’ll get spear phishing, which is the direct targeting of identified people who hold very important or sensitive functions in a company or, in some cases, the direct targeting of older people knowing that might be less likely to be cyber-aware.

“All of us have to adopt the strongest cybersecurity culture – what we instinctively do and think about in our daily lives and daily business is a useful measure of what the fundamental levels of awareness in an organisation are,” Wainwright stated.

With a career spanning more than 30 years in journalism and publishing, John O’Mahony has written extensively for local, national, and international newspapers and magazines. A native of Killarney, Co Kerry, he is a former newspaper editor and now concentrates on online publishing and public relations. He is the owner and publisher of KillarneyToday.com – an online newspaper that reaches several thousand readers every day – and he specialises in breaking news, politics and community affairs.

Registration for the Cyber Security Transatlantic Policy Forum is open at the cost of €195 per attendee. Bookings can be made online, by calling 064 776 7181 or by emailing info@killarneyeconomicconference.com.